A Russian man has been sanctioned by the government for his role in a data breach that compromised the personal information of more than 10 million Australians.

Aleksandr Ermakov has been named by the federal government as the person responsible for the massive Medibank hack iin October 2022 this affected at least 9.7 million customers.

Information including names, dates of birth, addresses and phone numbers was compromised, some of which was published on the dark web.

But a joint operation conducted by the Australian Signals Directorate and the Australian Federal Police with other agencies and international partners was able to link Ermakov, a known cybercriminal, to his role in the cyberattack.

The Australian government responded on Tuesday, using cyber sanctions powers against Ermakov for the first time.

This means it will be a criminal offense to make available, revise, use or deal with assets, including through cryptocurrency wallets or ransomware payments. Each violation carries a prison sentence of up to 10 years.

Home Secretary Clare O’Neil called the cybercriminals “cowards and bastards hiding behind technology.”

“This is a very important day for cyber security in our country,” she told reporters in Canberra.

‘It helped us understand that the enormous costs are an issue… and showed us something about the caliber of people we are dealing with.

The government says a number of Russian cyber gangs are at the heart of the threats Australians face.

The sanctions imposed are part of Australia’s efforts to weaken these organizations.

Many of them are dynamic and operate in clusters, says Australian cyber security chief Abigail Bradshaw, so naming and identifying cybercriminals will hurt their efforts.

Foreign Minister Penny Wong said the sanctions sent a message.

“There are costs and consequences to targeting Australia and targeting Australians,” she said.

“The sanctions are part of Australia’s efforts to ensure we uphold the international rules-based order.